I’m in a dilemma that I need a ‘best practice’ solution for.
Let’s take the Trend Automatic Update task, for instance. I want this task to apply to all PCs at all times. I have it pushed dynamically to all endpoints so that any new endpoint falls into the scope. This task runs indefinitely. We have been told to never run tasks under the Master Operator because this increases the Master Action Site size. So we’ve been running these Policy tasks under our non-master operator accounts.
Running the health checks, this gets flagged as a “warning” and shows the user account and the actions that have no end dates. Along with that, if there is ever a need to delete/recreate the operator for corruption issues, all of the issued actions under that site are stopped. Logically this makes sense, but it just seems risky to have very important policy actions be at the mercy of an opsite.
What is the best practice to push a policy action without flagging under health checks or being deleted when the opsite is recreated? Maybe this is just the way it’s supposed to work? I’m sure there is something I’m just not seeing here.
Thanks